General

  • Target

    DHL_Doc.9787653446578978656879764534576879764545766456.exe

  • Size

    1.1MB

  • Sample

    241007-j3vlcsvekl

  • MD5

    818a770046a16c13f03e6a582e6206d2

  • SHA1

    e7fd93b6def1f50c3ebbb0e32561dbbc9a1a82b8

  • SHA256

    0eee8e3b1a6558f648e2519e494ea36b8e079bf6e0cbba55bfa9dcbfc99eac11

  • SHA512

    ab46a3e16606b7f00c4acf3f3fc25168ba31c839a073dc5be5eea6d2a70074bdd8be8c23a92017580ded507d5bb11423f3fb0b1303729cb5be5b96fab6f4c42e

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLbjoE+w82YslApHKgfSqf/b7xN+SBfv:f3v+7/5QLfx+w1Y6AAg1hQSB3
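Before working with a copy of this sample pulled from a repository, re-derive the digests above and confirm they match. The script below is an added example, not part of the sandbox report: it hashes a file once with the standard-library hashlib for the four listed algorithms (SSDEEP is left out because it needs a third-party fuzzy-hashing library) and reports any digest that disagrees with the report's values. The only input it needs is the sample path on the command line.

```python
"""Re-check a downloaded copy of the sample against the digests in the report.

Added example, not part of the sandbox report. Run as:
    python verify_sample.py /path/to/DHL_Doc.<...>.exe
"""
import hashlib
import sys

# Digests copied from the report's General section for the DHL_Doc sample.
REPORT_HASHES = {
    "md5": "818a770046a16c13f03e6a582e6206d2",
    "sha1": "e7fd93b6def1f50c3ebbb0e32561dbbc9a1a82b8",
    "sha256": "0eee8e3b1a6558f648e2519e494ea36b8e079bf6e0cbba55bfa9dcbfc99eac11",
    "sha512": "ab46a3e16606b7f00c4acf3f3fc25168ba31c839a073dc5be5eea6d2a70074bdd8be8c23a92017580ded507d5bb11423f3fb0b1303729cb5be5b96fab6f4c42e",
}
ALGORITHMS = tuple(REPORT_HASHES)


def digest_stream(chunks, algorithms=ALGORITHMS):
    """Feed every chunk to all requested hash objects in one pass; return hex digests."""
    hashers = {algo: hashlib.new(algo) for algo in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Hash an in-memory blob (handy for tests and small artifacts)."""
    return digest_stream([data], algorithms)


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a file without loading it into memory; samples can be large."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""), algorithms)


def compare_hashes(actual, expected):
    """Return {algo: (expected, actual)} for every expected digest that does not match.

    Comparison is case-insensitive; an algorithm absent from `actual` is a mismatch.
    """
    mismatches = {}
    for algo, want in expected.items():
        got = actual.get(algo)
        if got is None or got.lower() != want.lower():
            mismatches[algo] = (want.lower(), got)
    return mismatches


def verify_sample(path, expected=REPORT_HASHES):
    """True when every digest in `expected` matches the file at `path`."""
    return not compare_hashes(digest_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    bad = compare_hashes(digest_file(sys.argv[1]), REPORT_HASHES)
    for algo, (want, got) in bad.items():
        print(f"{algo}: expected {want}, got {got}")
    print("MISMATCH" if bad else "MATCH")
```

A single mismatching digest is enough to reject the file: a copy with the right MD5 but the wrong SHA256 is not the same sample, however it was obtained.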

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    urchman@elquijotebanquetes.com
  • Password:
    -GN,s*KH{VEhPmo)+f

Targets

    • Target

      DHL_Doc.9787653446578978656879764534576879764545766456.exe

    • Size

      1.1MB

    • MD5

      818a770046a16c13f03e6a582e6206d2

    • SHA1

      e7fd93b6def1f50c3ebbb0e32561dbbc9a1a82b8

    • SHA256

      0eee8e3b1a6558f648e2519e494ea36b8e079bf6e0cbba55bfa9dcbfc99eac11

    • SHA512

      ab46a3e16606b7f00c4acf3f3fc25168ba31c839a073dc5be5eea6d2a70074bdd8be8c23a92017580ded507d5bb11423f3fb0b1303729cb5be5b96fab6f4c42e

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLbjoE+w82YslApHKgfSqf/b7xN+SBfv:f3v+7/5QLfx+w1Y6AAg1hQSB3

    • AgentTesla

      Agent Tesla is an information stealer and remote access tool (RAT) written in .NET (Visual Basic / C#). It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes, and exfiltrates the results over SMTP, FTP or HTTP; this sample uses the FTP account in the extracted configuration above.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer records alongside the harvested credentials; the request itself is benign-looking HTTP and is only suspicious in context.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's saved register state, including its instruction pointer. Outside debuggers this is mostly seen in process hollowing and similar injection: the loader creates or suspends a process, writes a payload into it, and points a thread at that payload before resuming it, so the stealer runs under a trusted-looking process name.
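The extracted FTP credentials and the external-IP lookup above are the sample's observable network behaviour, and they can be hunted in network telemetry without the binary. The following is an added example, not part of the sandbox report: it correlates constructed Zeek-style dns.log, ftp.log and http.log lines and raises alerts for a lookup of the C2 host, an FTP session to the address it resolved to (or any session using the hard-coded username, when DNS visibility is missing), and HTTP requests to IP-echo services. The C2 host, port and username come from the configuration above; the log lines, the 203.0.113.x addresses and the IP-lookup host list are constructed assumptions, since the report does not say which lookup service the sample used.

```python
"""Hunt Zeek-style logs for this sample's network behaviour.

Added example, not part of the sandbox report: the C2 indicators come from the
extracted configuration above, the log lines are constructed for the example,
and the IP-lookup host list is an assumption (the report does not name the service).
"""
from dataclasses import dataclass

# Indicators copied from the extracted Agent Tesla configuration.
C2_FTP_HOST = "ftp.elquijotebanquetes.com"
C2_FTP_PORT = "21"
C2_FTP_USER = "urchman@elquijotebanquetes.com"

# ASSUMPTION: commonly abused IP-echo services; tune to what your environment sees.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# Column subsets of Zeek's dns.log, ftp.log and http.log (tab-separated, '-' for empty).
DNS_FIELDS = ("ts", "orig_h", "query", "answers")
FTP_FIELDS = ("ts", "orig_h", "resp_h", "resp_p", "user", "command", "arg")
HTTP_FIELDS = ("ts", "orig_h", "host", "uri")

# Constructed sample logs: 10.0.0.5 is the infected host, 10.0.0.9 is benign,
# 203.0.113.x are documentation-range placeholders, not the real C2 address.
SAMPLE_DNS = "\n".join([
    "#fields\tts\torig_h\tquery\tanswers",
    "1728292001.10\t10.0.0.5\tapi.ipify.org\t203.0.113.20",
    "1728292003.50\t10.0.0.5\tftp.elquijotebanquetes.com\t203.0.113.77",
    "1728292010.00\t10.0.0.9\twww.example.com\t203.0.113.5",
])
SAMPLE_HTTP = "\n".join([
    "#fields\tts\torig_h\thost\turi",
    "1728292001.30\t10.0.0.5\tapi.ipify.org\t/",
    "1728292011.00\t10.0.0.9\twww.example.com\t/index.html",
])
SAMPLE_FTP = "\n".join([
    "#fields\tts\torig_h\tresp_h\tresp_p\tuser\tcommand\targ",
    "1728292004.00\t10.0.0.5\t203.0.113.77\t21\turchman@elquijotebanquetes.com\tSTOR\treport.html",
    "1728292020.00\t10.0.0.9\t203.0.113.5\t21\tanonymous\tRETR\treadme.txt",
])


@dataclass(frozen=True)
class Alert:
    ts: float
    orig_h: str
    rule: str
    detail: str


def parse_tsv(text, fields):
    """Turn tab-separated rows into dicts, skipping Zeek's '#' header/meta lines."""
    return [dict(zip(fields, line.split("\t")))
            for line in text.splitlines() if line and not line.startswith("#")]


def resolved_ips(dns_rows, name):
    """Addresses that monitored hosts resolved `name` to (Zeek joins answers with commas)."""
    ips = set()
    for r in dns_rows:
        if r["query"].lower() == name and r["answers"] != "-":
            ips.update(r["answers"].split(","))
    return ips


def detect(dns_text, ftp_text, http_text):
    """Correlate the three logs and return alerts ordered by time."""
    dns = parse_tsv(dns_text, DNS_FIELDS)
    ftp = parse_tsv(ftp_text, FTP_FIELDS)
    http = parse_tsv(http_text, HTTP_FIELDS)
    alerts = []
    for r in dns:
        if r["query"].lower() == C2_FTP_HOST:
            alerts.append(Alert(float(r["ts"]), r["orig_h"], "dns-c2-lookup", r["query"]))
    c2_ips = resolved_ips(dns, C2_FTP_HOST)
    for r in ftp:
        # Match on the resolved address when DNS visibility exists, otherwise fall
        # back to the hard-coded username, which survives a change of C2 address.
        to_c2 = r["resp_h"] in c2_ips and r["resp_p"] == C2_FTP_PORT
        if to_c2 or r["user"] == C2_FTP_USER:
            detail = f"{r['user']} -> {r['resp_h']}:{r['resp_p']} {r['command']} {r['arg']}"
            alerts.append(Alert(float(r["ts"]), r["orig_h"], "ftp-c2-exfil", detail))
    for r in http:
        if r["host"].lower() in IP_LOOKUP_HOSTS:
            alerts.append(Alert(float(r["ts"]), r["orig_h"], "external-ip-lookup", r["host"] + r["uri"]))
    return sorted(alerts, key=lambda a: a.ts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_DNS, SAMPLE_FTP, SAMPLE_HTTP):
        print(f"{alert.ts:.2f} {alert.orig_h} {alert.rule}: {alert.detail}")
```

The username match is the more durable indicator: the operator can move the FTP server or re-point the DNS name, but a rebuilt binary is needed to change the account it logs in with. The IP-lookup rule is noisy on its own and is worth alerting on only when it precedes an exfiltration channel from the same host, which is the sequence the constructed log shows.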

MITRE ATT&CK Enterprise v15

Tasks
